CVE-2019-6500 Information

Description

In Axway File Transfer Direct 2.7.1, an unauthenticated Directory Traversal vulnerability can be exploited by issuing a specially crafted HTTP GET request with %2e instead of '.' characters, as demonstrated by an initial /h2hdocumentation//%2e%2e/ substring.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Reference

https://github.com/inf0seq/inf0seq.github.io/blob/master/_posts/2019-01-20-Directory-Traversal-in-Axway-File-Transfer-Direct.md

https://inf0seq.github.io/cve/2019/01/20/Directory-Traversal-in-Axway-File-Transfer-Direct.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

Base Score

7.5

Base Severity

HIGH
